drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in curl (Aktualisierung)
Name: |
Preisgabe von Informationen in curl (Aktualisierung) |
|
ID: |
USN-4466-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 ESM |
|
Datum: |
Do, 20. August 2020, 21:12 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8231 |
|
Applikationen: |
curl |
|
Update von: |
Preisgabe von Informationen in curl |
|
Originalnachricht |
--===============1562979101573731261== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="qMm9M+Fa2AknHoGS" Content-Disposition: inline
--qMm9M+Fa2AknHoGS Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-4466-2 August 20, 2020
curl vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
curl could be made to expose sensitive information over the network.
Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries
Details:
USN-4466-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: curl 7.35.0-1ubuntu2.20+esm5 libcurl3-gnutls 7.35.0-1ubuntu2.20+esm5 libcurl3-nss 7.35.0-1ubuntu2.20+esm5
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/4466-2 https://usn.ubuntu.com/4466-1 CVE-2020-8231
--qMm9M+Fa2AknHoGS Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl8+fX0ACgkQRbznW4QL H2k+Dw//ZVHUupeOV29Cu5oGZ+IvPSCRgkHhxcK0AqrSacYgtRh07BcPvzz0RANR +fuwXPnjJ6xYkrhSBD9QbPeY7OQ2XKV+I4BEWS0mEryo71P3mogj8tfSAC17zyRp ph+w01ez3ySaqqEfdiu2HSRsELcAKcK1eYezmTpH5Guz/cwJVGA5J1Lpn2AnHwKy sNby3JqLN6DOGp2gXTAjfeRifH4PbhX3ukiYSlC07p6u65T4YHZn5cYO/BHn5CIK collkmKheHDbzjBB/q5ETAk78AkNfgtHKL2M9cmITvnXWQY51jlWHBCcQChIV/XL fmb+z+/7ZZ4ZPqVg05U8cOmVuAl3u847GgqKkrp56//YiWN6QbhZERIFp4tUPsRY g1E82s+rinuaQxiDHPqVnkTeP3mlwXAy9UB6jm4YOuo1qv8sFlqXBDZ1YUjlOQEi RVmb+u7Jntcgp8UEYY0b5KP8Y+AdyawT3fRfhddyrbwfTcEpblxG/dT4f4zJDlth 1h1a+VOP4NgtciD8QJwT9W9bRVd0aGjPrYNaa8uibIAwjfL8eKvtWw6VfvBc569P pPz2xohsECvrYH4KMiox85Ep4nYeKYJyV3TuuCK0bPckkZ4/WnwjudohB2IaeSHL YkrOOc1Lw5SwDoCF6OZ8yhDAbd+O1y2RLAgv8mrqqKRGUq8KkH4= =h2pr -----END PGP SIGNATURE-----
--qMm9M+Fa2AknHoGS--
--===============1562979101573731261== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|